Cloudasta’s Commitment to Security
Cloudasta takes security very seriously. We are committed to protecting our customers’ information from any data exposure and reinforce high-level security standards.
This document outlines our security protocols and best practices to always keep your data safe and secure.
|We use Google’s Workspace API scope to check if a user on a customer’s account is a Super Admin to allow access to our billing application. For more information about this scope, please refer to Google’s Admin SDK documentation.
|All devices using Cloudasta connect through HTTPS connections.
|Google Cloud encrypts all customer content stored at rest, using AES-256 encryption. For more information, please refer to here.
|Architecture & Infrastructure
|Cloudasta is hosted on Google Cloud Platform (GCP) which is highly scalable, secure, and reliable. More information is available from Google here.
|Cloudasta operates with Google’s VM-architecture and managed services handled and maintained by Google engineers.
Stored in the United States of America
Cloudasta’s application and database are both hosted in the United States of America.
Data is backed up automatically by Google Cloud Platform.
Cloudasta’s database is fully-managed within Google Cloud. For more information you can visit Google’s official documentation here.
|Authorization and Access Control
|User Authentication Method
Super Admins authenticate via Google OAuth 2.0 to access Cloudasta’s billing application. Cloudasta never stores any OAuth Token. Google OAuth 2.0 is the Google-standard protocol for authorization.
Cloudasta will never handle your passwords in any shape or form.
|2-Step Verification (2SV)
|2-Step Verification is enforced and mandatory for all Cloudasta employees to ensure no one from outside Cloudasta has access to information. For more information on how 2SV protects accounts, please see Google’s documentation here.
|Partners are granted access to limited configurations within your domain but your private and sensitive data such as emails in Gmail, Google Drive content is never exposed. This configuration access makes it easier for Partners to troubleshoot any issues you might have with managing Google Workspace. Every reseller action is logged to your Admin audit log and access can be removed at any point as shown in this Google Workspace official support article.
|All security and transactional activity is logged into the customer’s Google Workspace Audit Logs. To learn how to audit these logs, please refer to Google’s official support documentation here.
|Third party services
|Customer Invoicing and Payments
Cloudasta doesn’t have access nor stores any customer payment information. Cloudasta will never ask for credit card information directly.